On 03/28/11 14:00, Eric Paris wrote: > This patch adds support for using the last path component as part of the > information in making labeling decisions for new objects. A example > rule looks like so: > > type_transition unconfined_t etc_t:file system_conf_t eric; > > This rule says if unconfined_t creates a file in a directory labeled > etc_t and the last path component is "eric" (no globbing, no matching > magic, just exact strcmp) it should be labeled system_conf_t. > > The kernel and policy representation does not have support for such > rules in conditionals, and thus policy explicitly notes that fact if > such a rule is added to a conditional. Is there any plan for getting conditional support? -- Chris PeBenito Tresys Technology, LLC www.tresys.com | oss.tresys.com -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
